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(57) Abstract: A method and apparatus for enhancing security in a 
wireless network using distance measurement (30) techniques provides 
an additional layer of security and privacy in wireless communications 
(37). A distance measurement or location finding is performed 
between two devices by transmitting and receiving one or more signals 
and computing a distance between the two devices or a location of a 
connecting device (31). The resulting computed distance or location is 
used to determine whether or not to permit pairing, secure connection 
or secure transactions between the two devices (33). The computed 
distance or location can be further used in combination with a signal 
strength measurement to link to locate and measure nearby devices 
first, reducing the time required to initialize network' communications 
(34). Management software may be enhanced facilitate connecting 
to desired devices by providing an indication of computed distance 
or location of each device (34), and a list may be generated in order 
of proximity, further facilitating connection to the desired devices. 
Set-up of wireless networks may automated by using a short distance 
to facilitate connection between nodes (35). 
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METHOD AMD APPARATUS FOR ENHANCING SECURITY IN A WIRELESS 
NETWORK USING DISTANCE MEASUREMENT TECHNIQUES 

CROSS-REFERENCE TO RELATED APPLICATIONS 

5 The present application is related to previously-filed 

United States Patent Applications assigned to the same 
assignee: "DISTANCE MEASURING METHOD AND APPARATUS USING RF 
MODULATED ELECTROMAGNETIC WAVES IN WIRELESS APPLICATIONS" , 
Serial No. 09/548,732, filed April 13, 2000; "ACCURATE 

10 DISTANCE MEASUREMENT USING RF TECHNIQUES", Serial No. 

09/759,601 filed January 16, 2001; "SYSTEM AND METHOD FOR 
REDUCING MULTIPATH DISTORTION IN WIRELESS DISTANCE MEASUREMENT 
SYSTEMS", Serial No. 09/759,600, filed January 16, 2001; 
"DISTANCE MEASUREMENT USING HALF-DUPLEX RF TECHNIQUES", Serial 

15 No. 09/759,602, filed January 16, 2001; and "METHOD AND SYSTEM 
FOR DISTANCE MEASUREMENT IN A LOW OR ZERO INTERMEDIATE 
FREQUENCY HALF-DUPLEX COMMUNICATIONS LOOP", Serial No. 

09/ , filed May 2, 2002. The specifications of the 

above-referenced U.S. Patent Applications are herein 

20 incorporated by reference. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates generally to communications 
25 loops, and more specifically, to a method and system for 
providing enhanced loop security by measuring a distance 
between transceivers. 

2. Background of the Invention 

30 A multitude of wireless communications systems are in 

common use today. Mobile telephones, pagers and wireless- 
connected computing devices such as personal digital 
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assistants (PDAs) and laptop computers provide portable 
communications at virtually any locality. In particular, 
BLUETOOTH devices provide a wireless network operating in the 
2.4 GHz Industrial Scientific and Medical band (BLUETOOTH is a 
trademark of Bluetooth SIG, Inc., which is an acronym for 
Bluetooth Special Interest Group - a consortium of wireless 
device manufacturers). Wireless local area networks (WLANs ) 
and wireless personal area networks (WPANs) according to the 
Institute of Electrical and Electronic Engineers (IEEE) 
specifications 802.11 (WLAN) , 802.15.1 (WPAN) and 802.15.4 
(WPAN-LR) also provide wireless interconnection of computing 
devices and personal communications devices, as well as other 
devices such as home automation devices. 



15 Within the above-listed networks and wireless networks in 

general, privacy and security are increasingly necessary as 
devices connected to such wireless networks control critical 
systems, funds transactions and may contain and exchange 
confidential information. Wireless networks generally fall 

20 within one of two categories: "ad-hoc networks" or 

"infrastructure networks". Ad-hoc wireless networks permit 
connection of devices on an ad-hoc basis wherein devices may 
enter the range of the wireless network and thereby connect to 
other devices. Pre-conf igured infrastructure wireless networks 

25 typically permit connection of only authorized devices that 
are part of the infrastructure known by information stored in 
a database during network configuration. 



Security in an ad-hoc network is difficult to establish, 
30 as the only presently available means for uniquely identifying 
a device is the device name and address, which in many cases 
can be easily impersonated. Further, since the motivation 
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behind ad-hoc connectivity is ease of connection for devices 
that are not part of a pre-conf igured infrastructure, the use 
of names or addresses to block a connection may not be 
desirable in general. Security in an infrastructure wireless 
5 network is easier to implement, as the device names and 
addresses are known and key information may be exchanged 
during network set-up, providing a means for securing the 
connection of an infrastructure device after an initial set- 
up. However, infrastructure devices are still subject to 
10 impersonation based on interception (reception) of the 
connection information during the set-up process. 

Security protocols in use to protect the set-up process 
or connection of an ad-hoc device include passwords, 

15 verification of device types and names that are typically used 
in conjunction with key exchange protocols or in the 
generation of the keys. The establishment of the connection is 
followed by secured communications encrypted and decrypted 
using resulting keys. While encryption and decryption can 

20 provide very secure communications, key exchange during 

network setup or ad-hoc connection is a primary weak link in. 
the overall security measure. If an unauthorized device is in 
the vicinity of a wireless network, it may monitor the network 
during a key exchange period and retain the information for 

25 subsequent connection by impersonating a legitimate device. 
Further, devices that are not hostile, but are undesired for 
connection, may accidentally connect during network set-up or 
as ad-hoc devices if they are within communications range of 
the network. 

30 

Techniques to reduce the possibility of unauthorized or 
accidental connection generally complicate the setup of 
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wireless networks. A network user or adnunistrator may be 

required to enter a password or Personal Identification n k 
(PIN) ah • ^aencirication Numbt-r 

" the meeting ^ice or a pair of devices, but 
manual password or ,„ entry is tedious and time-consuming and 
the password .ay be compromised or hacked. Mso. for ad-hoc 
oonnections generation or agreement on a unique PIN ls 
gene n lnconvenient . por lnfrastructure 

entered keys or digital oertifioates .ay be used that are 
retained in the device, but they are aiso subject to being 
compromised and reduce the flexibility of installing new 
devices on the network or replacing devices already connected. 

«iso, it communications ba^ri nn 

Lions Dased on the passwords, pins or 

digits! certificates are intercepted during the connection 
process, those security measures may be bypassed by using the 
» intercepted k ey exchange information. "Han-in-the-midd J 

attacks can be used to "fool" a nai- ~* ^ ■ 

rooi a pair of devices that are 

a tempting to change keys. The result of this type of attack 
is the the intruding device exchanges keys with each of the 
pair o, devices. The intruding device can retain an o, the 
20 exchanged k ey information and may modify a transaction, for 

example to transfer a larger monetary amount from a payor into 
n alternative fund, whiie transferring the intended amount 

from a payor to the intended payee. 

» in the BLUETOOTH network security model, a combination 

key mechanism is used that generates an encryption/decryption 
key from stored passkeys within a pair of devices. When the 
devroes are "paired" .e.g., connected during network setup, 

*0 k y'fo'rT d6ViCe U Pr6Sent * UU »*«* 1 »* th. combination 
Key for access to the devices or link establishment can be 

be hacked by calculating the combination keys from guesses at 
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the passkey and comparing them to the received combination 
keys or attempting to establish a link with a device based on 
passkey guesses. 

5 In general, secure setup of a wireless network comprises 

a tradeoff between ease of setup and weakness of security and 
no matter how complicated the setup process, security can 
still be compromised. The only information available for 
uniquely verifying a BLUETOOTH device is its name, class and 
10 address, which may be easily copied. Security improvement 
requires complex manual user intervention such as isolating 
the devices during pairing. 

Further, ad-hoc connection of unknown devices to wireless 
15 networks is desirable in many applications, such as automated 
teller machine (ATM) connections for transactions with a 
wireless payment or ticketing device or a personal computing 
device. Although many transactions require supplemental 
authentication such as password or personal identification 
20 number (PIN) entry, it is desirable to eliminate the need for 
these additional authentication measures. 

Therefore, it would be desirable to provide a method and 
apparatus for enhancing security in a wireless network that 
25 does not increase a level of user intervention and provides a 
level of security that is not compromised by interception of 
connection information. 
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SUMMARY OF THE INVENTION 



The above objective of enhancing security in wireless 
networks is achieved in a method and apparatus. The method is 
embodied in an apparatus that establishes a wireless 
connection between an initiating device and a responding 
device by computing a distance or location of the responding 
device in conformity with a channel time delay between the 
responding device and one or more receivers. At least one of 
the receivers may be located within the initiating device or 
one or more of the receivers may be external to the initiating 
device. If the computed location indicates that the responding 
device is a desired device, a secure connection is then 
established between the initiating device and the responding 
15 device. 



10 



The foregoing and other objectives, features, and 
advantages of the invention will be apparent from the 
following, more particular, description of the preferred 
embodiment of the invention, as illustrated in the 
accompanying drawings. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a pictorial diagram depicting a wireless 
network in which an embodiment of the invention is practiced. 

5 

Figure 2 is a pictorial diagram depicting a wireless 
network in which another embodiment of the invention is 
practiced. 

10 Figure 3 is a block diagram depicting a communications 

loop within which the present invention is embodied. 

Figure 4 is a flowchart depicting a method in 
accordance with an embodiment of the invention. 

15 

Figure 5 is a pictorial diagram depicting a graphical 
output of a software application in accordance with an 
embodiment of the invention. 

20 
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DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

The present invention provides enhanced security within a 
wireless network such as a WLAN (e.g., IEEE 802.11) or WPAN 
5 network (e.g., as BLUETOOTH) network, by adding a device 
location criterion to the network security model, wireless 
network devices may be enhanced to provide a measurement of 
the location or distance between connected devices without 
adding a separate infrastructure as is required with systems 
10 such as the Global Positioning System (GPS) , thereby providing 
distance measurement with low incremental cost. Alternatively 
a separate infrastructure may be added for providing device 
location information and the location information used to 
provide the additional security information. Ultra Wideband 
15 (UWB) technologies as proposed by the UWB working group 

includes precision measurement of pulse arrivals, providing 
direct distance measurement information (or location 
information using multiple receivers) that may be used in 
conjunction with the present invention to provide verification 
20 of physical location of a connecting device. Since the pulse 
arrival timing forms part of the communications reception 
structure, addition of distance measurement may be performed 
without adding device or complexity or communications overhead 
and some proposed UWB devices include distance measurement 
25 capability. 



30 



As described in the above-incorporated patent 
applications, the above-listed portable devices as well as 
other communication systems may be enhanced to provide 
distance measurement capability within portable or stationer, 
wireless devices. The techniques described in the above- 
incorporated patents introduce distance measurement capability 
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within transceivers that are synchronized or unsynchronized 
and full-duplex or half-duplex. 

Another distance-measuring technique is Location Finding 
5 (LF) , in which multiple receivers correlate the time- 
dif f erence-of-arrival (TDOA) of signals received from a 
transmitting source. The location of the transmitting source 
can be determined by triangulation based on the timing between 
the signal arrivals at the multiple receivers. LF and other 

10 techniques are well known in the art for providing wireless 
device location information and may be used within the methou 
and system of the present invention to provide the location 
information on which the security models of the present 
invention use to verify the desirability of providing a 

15 network connection to a wireless device. 

Security within a communications loop is typically 
provided by a mechanism such as encryption/decryption of the 

20 transmitted/received signal. The initialization of the link 
usually includes a key exchange (or agreement) mechanism, 
whereby subsequent communications are secured by encryption in 
conformity with the exchanged keys and decryption in 
conformity with retained keys. However, during the set-up of a 

25 link or during connection within communications networks that 
permit connection of devices having no previous security 
relationship (ad-hoc connection) , information used to 
generate or exchange secret keys (connection information) may 
be intercepted, compromising the security of the connection. 

30 Devices that provide passive physical access such as 

electronic automobile keys and passcards are especially 
subject to so-called "man-in-the-middle" attacks. Newer 
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versions o, these electronic devices provide 
^ration by enabling physlcal 

xiLrr 1 uithin ™ ty ° f the ^ 

requiring the user to press a h»n-™ ~ 
» activation action. If . ^ r \ ^ y ' 

convey signal, bet „ ee „ th . J ^ J ^™ " 

s::„:: tuauy present ' the rei - — - °- «- 

iock. uistance measuring or location 
0 used iv. ■ • location finding techniques can be 

used t0 llmnate tMs securlty hQie _ ^ 

devices to the lock and activation key win exceed a m. ■ 
distance set for security purposes. 

' Referring now to the fioures =„h 

i , • , ngures and in particular to Fioure 

1, a wireless network 10 within which t-h* 

-died is depicted in a .^CTn^ 1 : " 
ire ess devices „. M . lf , „ may /< 

Master device, connection node or server node through which 
o her wireless devices may connect to the tireless net* 
The devices represented in solid hlack are -desired" 
—ions. while the devices represented in „ hit e by 
outlines are "undesired" connections. 

,easur 0 i n noTT ment °' ""^ "~ 
meas urlng echniques to ejtabush a 

measuring the distance between node 12 and inter ■ 
devices „n^. . ana rnter-communicating 

c ud d b T de " iCe 19 0 " Side ° f °» «„ be 

w „ th ini " 9 that diStan " * «-„ce 

"hidh is the maximum permitted connection distance 
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Other embodiments of the invention use a measured 
distance between devices to determine whether or not the 
measured distance between devices conforms to a pre-programmed 
distance or to permit manual/visual verification of a measured 
5 distance between devices before establishing a connection. For 
example, although device 16 is within perimeter 18, the 
connection from node 12 to device 16 can be disallowed by 
displaying distance d3 in a prompt to a user or a network 
administrator, providing manual control of a connection to 
10 device 16. The connection to device 14 may be established 

automatically by determining that distance dl corresponds to 
the location of desired device 14 either automatically by 
comparison to a pre-programmed distance or by manually 
verifying distance dl. 

15 

In yet another embodiment of the present invention, a 
very short distance (for example 0.3 meters) may be used to 
set a threshold for device pairing. Automatic pairing can be 
initiated when a device is brought within the pairing distance 

20 threshold (0.3m). In each of the above-described embodiments, 
a device which does not allow distance measurement is 
considered to be out of any predefined range. Short-range 
distances can also be used for adding auto-connection security 
to previously unpaired devices. When such devices are. brought 

25 within the short-range security perimeter, connection can be 
automatically established. Auto-connection security using 
distance measurement may provide, for example, additional 
security to a visually verified transaction. 

30 Referring now to Figure 2, a pictorial diagram of a 

wireless network 20 according to another embodiment of the 
invention is depicted. Network 20 includes another level of 
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security to the location or distance criterion security model 
by using a facility map in conjunction with the distance or 
location measurement. For location measurement (e g 
triangulation to determine exact position of a connecting 
device,, the facility map can be compared to determine 
precisely whether or not a device is present in a particular 
room, group of rooms or within a secured facility. For 
distance measurement, the measured distance can be used to 
determine a reasonable estimate of whether or not a device is 
within a particular room or facility. 

Wireless device 12A represents a connection node to which 
devices 14A, 14B, 1 6A and/or 19A may be connected. Devices 12A 
14A, 14B and 16A are located within a facility comprising room 
17A and room 17B. For distance measurement, a circular secure 
perimeter 18A is set to include room 17A and 17B and include- 
area that is not within the facility, if i ocation finding 
rather than distance measurement is used, it is possible to 
implement a secure perimeter 18B that conforms to the actual 
layout of the facility. For illustrative purposes, operation 
of the system will be described with respect to circular 
security perimeter ISA. Undesired device 19A is located 
outside of secure perimeter ISA and thus connection may be 
denied as described above with respect to the operation of 
network 10. Undesired device 16a, however, i s denied 
connection because device 16A is registered for connection 
only within room 17a and location calculation has determined 
that device 16A is located within room 17B (or outside of the 
facility altogether, . The above example shows an embodiment of 
the present invention that uses a facility map in conjunction 
with distance measurement, but other configurations combining 
either distance measurement or locating finding with facility 
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mapping may be implemented so that the facility information is 
used in conjunction with the location information to provide 
detailed exclusion of undesired connections both within and 
without a facility. 

5 

Referring now to Figure 3, a communications loop within 
which the present invention is embodied is depicted in a block 
diagram. Wireless devices 21A and 21B may be mobile 
telephones, personal digital assistants (PDAs), headsets, 

10 laptop computers with wireless modems, pagers, or other 

portable or non-portable network devices that include wireless 
communications capability. Some devices in the associated 
wireless network may be receive-only or broadcast only, but in 
order to implement the distance measuring techniques of the 

15 present invention, a pair of transceivers is used, as a signal 
must be transmitted from an initiating device to a responding 
device and a second signal is then returned from the measured 
device. Location finding techniques may be performed on 
transmit-only devices by observing the TDOA between other 

20 receivers when the transmit-only device transmits. For 

transmit only devices, secure key exchange protocols are not 
possible, so the distance measuring or location finding 
criteria are especially important to enhance security if a 
transmit-only device is permitted to introduce information to 

25 a wireless network. 

Wireless devices 21A-21B are transceivers capable of 
communicating using a common protocol and frequency band of 
operation. For example, transceivers 21A-21B may be BLUETOOTH 
30 devices communicating in a band centered around 2.4GHz and 
having a bandwidth of approximately 80 MHz. 79 channels are 
provided with a 1MHz bandwidth each, and the devices frequency 
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hop at a rate of 1600 hops per second. A complete protocol, 
including communications control protocols and transport layer 
protocols are defined by the BLUETOOTH specification, 
providing a complete wireless networking solution. While the 
BLUETOOTH specification is of particular interest in wireless 
networking, it should be understood that the techniques of the 
present invention apply to wireless networks in general. 

Each of transceivers 21A and 21B include a transmitter 
24A, 24B a receiver 25A, 25B an antenna 22A, 22B and a 
processor 26A and 26B, processors 26A and 26B include 
necessary memory such as RAM or ROM for storing program 
instructions and data for execution on a microcontroller, 
microprocessor or a general purpose computer system for 
15 implementing methods in accordance with embodiments of the 
present invention. For example, transceiver 21A may be a 
wireless network server node comprising a wireless modem 
coupled to a server having random access memory (RAM) and disk 
storage for storing, retrieving and executing a network 
20 management application having a database of infrastructure 
connected wireless devices, including a database of pre- 
programmed distances for comparison to measured distances in 
accordance with an embodiment of the present invention. 
Transceiver 21B may be a PDA attempting to connect to a server 
25 through transceiver 21A. While either static or mobile devices 
may initiate connection, and either device may perform the 
distance measurement, for illustrative purposes, server 
transceiver 21A polls for new devices serving as the 
initiating device and PDA transceiver 21B responds as the 
30 responding device. Through measuring the loop delay, processor 
26A can estimate the distance to PDA transceiver 21B and 
determine whether or not to permit a connection to PDA 
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transceiver 21B in conformity with a stored distance value 
that may be a security perimeter or a pre-programmed distance. 
If the distance indicates that PDA transceiver 21B is a 
"desired" connection, key exchange and subsequent secure 
5 communication may be established. 



The above-described example illustrates an ad-hoc 
connection using distance measurement or location finding as a 
security criterion. For an infrastructure connection, 

10 transceiver 21A may verify that information provided by 

transceiver 21B corresponds to a known device and processor 
26A may verify that the distance 21B corresponds to an 
expected distance for transceiver 21B. Other variations may be 
of advantage, such as using the distance measurement within a 

15 mobile device such as PDA transceiver 21B to verify that PDA 
transceiver 21B is connecting to a desired wireless network, 
in which case processor 26B would verify that server 
transceiver 21A is located at an expected distance from 
transceiver 21B. 

20 

The present invention may measure distance using 
techniques similar to those described in the above- 
incorporated patent applications, wherein the slope of phase 
versus frequency as measured around a communications loop and 

25 over a plurality of frequencies is used to determine the 

distance between a pair of transceivers. The ambiguities due 
to an unknown number of wavelengths between the transceivers 
and due to multipath distortion is resolved by the use of 
multiple frequency measurements. Alternatively, or in concert, 

30 the present invention may measure location using triangulation 
among two or more devices to determine the relative position 
of a responding device* 
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In general, there are three phases that are used to 
provide security within the present invention: 1) measurement 
of distance or location, 2) Key exchange or other security 
protocol, and 3) secure communication after key exchange. 
Variations on the phases above may also be used. For example, 
key exchange may be used only on initial network setup, while 
distance or location verification is used periodically, on 
link establishment or for authentication/verification in 
subsequent sessions. Also, under some circumstances, secure 
communications may not be used at all, but a distance or 
location measurement used to exclude a device (for example, 
rejection of a connection to an incorrect wireless mouse or 
keyboard between neighboring computer workstations).. 
15 Further security can be provided for devices that have 

already established a connection by encrypting/decrypting the 
distance measurement or location finding signals. The DM/LF 
signals may be encrypted using a secret that both sides share 
after initial pairing that is not relayed through the 
communications channel. Such a secret can be a random internal 
timing, hopping sequence or some other internal parameter. A 
random parameter is derived from a "key number" that the 
master transmits to the slave and is known only to both of 
them, or using a "rolling code" technique similar to the 
rolling code used for security in present-day RF automotive 
remote lock/alarm activation devices. 

While very sophisticated techniques are required to 
generate a false distance measurement or location, it is 
possible to generate such signals. Since the distance 
measurement or location finding signal is transmitted and 
received over a very short interval (generally the signal 
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occupies half of a time slot for each direction of 
transmission), brute-force attempts to simulate encrypted 
distance measurement signals will not succeed, due to a lack 
of computation time. 

5 

Also, for connections such as electronic funds 
transactions, the distance measurement or location finding may 
be performed only when a user initiates a transaction. The 
above-described implementation makes it possible to establish 

10 access without a verified distance for services such as menu 
and information browsing, but providing physical location 
verification for sensitive transactions, in particular 
transactions subject to non-repudiation requirements. In 
addition to electronic funds transactions, transactions usincy 

15 digital signatures or certificates may be further secured by 
the techniques of the present invention. For example, privacy/ 
security and validity confidence of an electronic execution of 
a contract document using a personal transaction protocol 
(PTP) that includes a digital signature may be enhanced by 

20 verifying physical location and the physical location 

information may also be embedded in the transaction record 
along with time and date stamping or stored in a separate 
record referenced to the transaction. Security may also be 
enhanced through a token authentication method wherein a 

25 second device registered to or owned by the same user is used 
to provide additional assurance that the intended person is 
executing the transaction. 

30 Referring now to Figure 4, a method in accordance with an 

embodiment of the present invention is depicted in a 
flowchart. First, a distance measuring signal is transmitted 
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from an initiating device (step 30) and a responding device 
receives the distance measuring signal (step 31) . A return 
signal is transmitted to the initiating device (step 32, and 
the initiating device computes the distance between the 
devices in conformity with the loop delay between the devices 
(step 33, . m general, it is necessary to repeat steps 30-32 
for a set of differing frequencies (as is described in the 
above-incorporated patent applications) in order to resolve 
ambiguities in the time delay-distance calculation. For 
10 xllustrative purposes, the description of the technique 
includes receiving and transmitting a single signal, but 
should be understood to contemplate multiple discrete 
frequency measurements or a continuously varying measurement. 
Wxth respect to LF techniques, a single frequency or multiple 
frequencies may be used, depending on the number of receivers 
used to triangulate the distance, as in LF techniques, 
ambiguities may be resolved by resolving the measured delays 
over multiple receivers, if the computed distance conforms to 
the distance of a desired device connection (decision 34) a 
Prompt list may be generated to a user (optional step 35, and 
the user permitted to verify whether or not the responding 
device is a desired device (optional step 36, and then in 
response to a positive used indication in step 36 or an 
automatic connection after step 34, a secure connection is 
25 established (step 37, . 

The use of a list/prompt to permit a network 
administrator or user to verify a device connection is 
especially useful in organizing a large wireless network 
30 wherein hundreds of wireless devices may be "seen" by the 

network. Referring now to Figure 5 a graphical output 40 of a 
network management application is depicted in accordance with 
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an embodiment of the invention. Graphical output 40 displays a 
list of devices that may be organized in order of increasing 
distance from a wireless server connection point making it 
easier to view desired local devices and ignore more remote 
5 devices that are generally unconnected. The list may be 

segregated into screens for particular rooms, facilities or 
local networks. List 42 shows address, name, device class, and 
distance/connection information for a plurality of devices. 
Reading down the list, a palm computer, a mobile telephone and 

10 a mouse are connected as they have met a short distance 

threshold for any local device (<.5m). A drive array DAI is 
connected as the measured distance matches the installed 
distance (1.5m). A connection to device indicating that is 
server SRV11B is denied, as the installed distance is 8.2 m 

15 and the measured distance is 4.0m. A mobile telephone at 6 
meters is likewise denied as the criterion for mobile 
telephones is set to 0.5m. A server SRV11B is connected at the 
expected distance of 8.2m. 

20 List 42 depicted in graphical output 40 provides an 

indication of connection status and indicates anomalies such 
as the two entities representing themselves as SRV11B, as well 
as a distance location. Location information provided by LF 
may be displayed as coordinates or in a graphical map, 

25 permitting verification of device location for connecting 
devices. 

A prompt 44 indicates that the server has located another 
wireless device at a distance or location within connection 
30 range and offers the user an opportunity to deny the 

connection. Many other variations in graphical output and 
automatic vs. user prompted manual operation are possible and 
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graphical output 44 is provided only as an example of a 
management tool that benefits from the enhancements of the 
present invention. 



5 



in addition to the examples provided above, the present 
invention may use location criteria, distance criteria, or 
installed distance information from a database to perform 
connection to nearby devices first, speeding network 
initialization by effectively communicating f irst with deviCcS 
10 having a higher probability of permitted connection. In 

addition, measurements of signal strength - received signal 
strength indication (RSSI, may be used to determine connection 
order, reduce the distance measurement time or further verify 
the measured distance. 



15 



20 



25 



30 



RSSI measurement may also be used to adjust the transmit 
power and hand-over algorithms when a device is in transit 
between connection (master) nodes. Distance measurement can be 
used to determine when to adjust the transmitter power and 
indicate to the master nodes when to hand off the connection 
to an attached device, providing a more secure environment 
when a mobile device is transitioning from a coverage area for 
one master device to a second master device. 

Distance measurement can also be used to provide a "junk 
filter" that prevents undesirable connections based on pre- 
programmed rejection perimeters or locations. A mobile device 
for example, may be programmable to set a distance threshold 
beyond which only known devices can connect, thereby 
preventing connection to unknown devices beyond a certain 
distance or outside of a predetermined location map. Two such 
perimeters may be used, one for known and one for unknown 
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devices, so that a device will not connect with any device 
beyond an outside perimeter, will connect with only known 
devices within the outside perimeter but outside of an inner 
perimeter, and will connect with any device within the inner 
5 perimeter. Perimeters may also be programmed such that only 
devices of a certain type are allowed to connect beyond a 
specified distance or location map, while devices of any type 
or another group of types are allowed to connect inside of the 
specified distance or location map. 

10 

While the invention has been particularly shown and 
described with reference to the preferred embodiments thereof, 
it will be understood by those skilled in the art that the 
foregoing and other changes in form, and details may be made 
15 therein without departing from the spirit and scope of the 
invention . 
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WHAT IS CLAIMED IS: 

1. A method for establishing a secure wireless connection 
between a first wireless device and a second wireless device, 
said method comprising: 

5 measuring a radio-frequency communications delay between 

said second wireless device and at least one other wireless 
device; 

computing an indication of physical location of said 
second wireless device with respect to said at least one other 
10 wireless device; 

determining whether or not said indication of physical 
location indicates that connection between said first wireless 
device and said second wireless device is desirable; and 
in response to determining that said connection is 
15 desirable, initiating said secure wireless connection between 
saxd first wireless device and said second wireless device. 

2. The method of Claim 1, wherein said at least one other 
wireless device is said first wireless device, wherein said 
computing computes a distance between said first wireless 
device and said second wireless device, and wherein said 
determining determines whether or not said distance indicates 
that said connection is desirable. 

25 3. The method of Claim 2, wherein said determining determines 
that said distance is substantially equal to a predetermined 
distance corresponding to an expected distance between said 
first wireless device and said second wireless device. 

30 4. The method of Claim 2, wherein said determining determine- 
that said distance is less than a predetermined security 
perimeter distance. 
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5. The method of Claim 4, wherein said determining determines 
that said distance is less than a predetermined distance and 
wherein said initiating is performed automatically in response 

5 to placing said first wireless device and said second wireless 
device within said predetermined distance, 

6. The method of Claim 1, wherein said at least one other 
wireless device comprises at least two other wireless devices, 

10 wherein said computing computes a triangulated location of 
said second wireless device in conformity with said radio- 
frequency communications delay between said two other wireless 
devices, and wherein said determining determines whether or 
not said location of said second wireless device indicates 

15 that said connection is desirable. 

7. The method of Claim 1, wherein one of said at least two 
other wireless devices is said first wireless device, whereby 
said triangulation is performed between said first wireless 

20 device and at least one other wireless device. 

8. The method of Claim 1, wherein said, determining further 
comprises: 

providing a display of said indication of physical 
25 location of said second wireless device to a user; and 

in response to receiving a user input confirming that 
connection to said second wireless device is desirable, 
performing said initiating. 

30 9. The method of Claim 1, further comprising in response to 
determining that said connection is not desirable, alerting a 
user to a presence of said second wireless device. 
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10. The method of Claim 1, wherein said second wireless device 
comprises multiple wireless devices and wherein said measuring 
and computing are performed for said multiple wireless 
5 devices. 



10 



11. The method of Claim 10, further comprising: 

determining signal strengths of signals received from 
said multiple wireless devices; 

performing said measuring and computing in order of 
decreasing signal strength, whereby a time of said initiating 
is reduced for said multiple devices. 

12. The method of Claim 10, further comprising providing a 
15 list of said multiple devices to a user, said list including 
said computed indications of physical location, whereby said 
user may view a number of said multiple devices and their 
corresponding physical location indications. 



20 



13. The method of Claim 12, wherein said list is displayed in 
order of increasing distance, whereby selection of nearby 
devices is facilitated. 

14. The method of Claim 1, wherein said first wireless device 
25 is a server, and wherein said determining provides additional 

security for access to a wireless network. 

15. The method of Claim 1, wherein said first wireless device 
is a workstation, and wherein said determining provides 

30 additional security for access to said workstation. 
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16. The method of Claim 1, wherein said measuring is performed 
by receiving and decrypting an encrypted distance measurement 
signal . 

5 17. The method of Claim 1, wherein said secure wireless 
connection activates a physical access device. 

18. The method of Claim 1, wherein a non-secure connection 
exists between said first wireless device and said second 
10 wireless device and wherein said determining and initiating 

are performed in response to a secure transaction request from 
one of said first wireless device or said second wireless 
device. 

15 19. The method of Claim 1, further comprising adjusting a 

power level of transmissions associated with said connection 
in conformity with said indication of physical location, 
whereby security of said connection is improved. 

20 20. The method of Claim 1, wherein said connection represents 
a connection hand-off of a connection between a connected 
device and said second wireless device for hand-off from said 
connected device to said first wireless device, and further 
comprising determining whether or not to accept said hand-off 

25 in conformity with said indication of physical location. 
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21. The method of Claim 1, further comprising: 

comparing said indication of physical location to a 
predetermined security perimeter; 

in response to determining that said indication of 
physical location is outside of said predetermined security 
perimeter, determining whether or not said second wireless 
device is a known device, and wherein said initiating is 
performed only in response to determining that said second 
wireless device is a known device. 

22. The method of Claim 1, further comprising: 

comparing said indication of physical location to a 
predetermined security perimeter; 

in response to determining that said indication of 
physical location is outside of said predetermined security 
perimeter, determining whether or not said second wireless 
device is of a type within a set of predetermined types, and 
wherein said initiating is performed only in response to 
determining that said second wireless device is of a type 
within said set. 
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23. A wireless communications device, comprising: 
an antenna; 

a radio-frequency receiver coupled to said antenna; 
a radio-frequency transmitter coupled to said antenna; 
5 a measurement sub-system coupled to said receiver for 

measuring a radio-frequency delay between said wireless device 
and at least one other wireless device; 

a processing sub-system for computing an indication of a 
distance of said at least one other wireless device in 
10 conformity with said measured delay; and 

and a security sub-system for determining whether or not 
communications with said at least one other wireless device 
are desirable in conformity with said indication of distance. 



15 24. The wireless communications device of Claim 23, wherein 
said security sub-system determines that said distance is 
substantially equal to a predetermined distance corresponding 
to an expected distance between said first wireless device and 
said second wireless device. 

20 

25. The wireless communications device of Claim 23, wherein 
said security sub-system determine determines that said 
distance is less than a predetermined security perimeter 
distance. 

25 

26. The wireless communications device of Claim 25, wherein 
said security sub-system determines that said distance is less 
than a predetermined pairing distance and wherein said 
initiating is performed automatically in response to moving 

30 said first wireless device and said second wireless device 
within said predetermined pairing distance. 
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27. A wireless network comprising: 

a first wireless communications device; 
at least one other wireless communications device, 
including a measurement sub-system for measuring a radio- 
frequency delay between said at least one other wireless 
device and a connecting wireless device; and 

a processing sub-system for computing an indication of a 
physical location of said connecting wireless device in 
conformity with said measured delay; and 

a security sub-system for determining whether or not a 
connection between said first wireless device and said 
connecting wireless device is desirable in conformity with 
said indication of physical location. 

28. The wireless network of claim 27, wherein said at least 
one other wireless device comprises at least two other 
wireless devices, wherein said processing subsystem computes a 
triangulated location of said connecting wireless device in 
conformity with said radio-frequency communications delay 
between said two other wireless devices, and wherein said 
security subsystem determines whether or not said location of 
said connecting wireless device indicates that said connection 
is desirable. 

29. The wireless network of Claim 28, wherein one of said at 
least two other wireless devices is said first wireless 
device, whereby said triangulation is performed between said 
first wireless device and at least one other wireless device. 



28 



WO 03/100348 



PCT/US03/16657 



30. The wireless network of Claim 27, wherein said security 
subsystem further includes means for providing a display of 
said indication of physical location of said connecting 

5 wireless device to a user. 

31. The wireless network of Claim 27, further comprising means 
for receiving a user input confirming that connection to saici 
connecting wireless device is desirable, and wherein said 

10 security subsystem permits connection of said first wireless 
device with said connecting wireless device in conformity with 
said user input. 

32. The wireless network of Claim 21, wherein said security 

15 subsystem further provides an alert in response to determining 
that connecting to said connecting wireless device is 
undesirable. 

33. The wireless network of Claim 21, further wherein said 
20 first wireless device further comprises a signal strength 

measuring circuit coupled to said measurement subsystem for 
measuring a signal strength of signals received from multiple 
wireless devices, and wherein said measurement subsystem 
measures said multiple wireless devices in order of decreasing 
25 signal strength, whereby connection time is reduced for said 
multiple devices. 
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34. The wireless network of Claim 27, further comprising means 
for displaying a list of multiple wireless devices to a user, 
said list including said computed indications of physical 
location provided by said measurement subsystem, whereby said 
user may view a number of said multiple devices and their 
corresponding physical location indications. 

35. The wireless network of Claim 34, wherein said list is . 
displayed in order of increasing distance, whereby selection 
of nearby devices is facilitated. 



36. The wireless network of Claim 27, wherein said first 
wireless device is a server, and wherein said security 
subsystem provides additional security for access to a 

> wireless network. 

37. The wireless network of Claim 27, wherein said first 
wireless device is a workstation, and wherein said security 
subsystem provides additional security for access to said 
workstation. 
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